Post Exploitation Using Meterpreter
Agenda
• Who am I?
• Meterpreter
• Meterpreter .. why?
• Meterpreter .. how?
• Command Classification
• Post Exploitation
• Conclusion
Shubham Mittal
Security Consultant @ Hackplanet Technologies
Penetration Tester
Areas Of Working
– AV Evasion
– Malware Analysis
– Metasploit
– SOC
Meterpreter
– Advanced multi-function payload.
– Provides core, complex and advanced features.
– Injects itself into a running process.
– Meterpreter = Meta Interpreter, interprets commands from one machine to another.
Meterpreter .. Why?
– Normal payloads:
  – Create a new process on the target machine.
  – Don't work in chroot'd environments.
  – Limited to the commands available on the shell only.
– Meterpreter:
  – Everything goes into memory, no I/O operations to the HDD, hence less detectable.
  – Works in a chroot'd environment [works in the context of the exploited process].
  – Different extensions can be loaded on the fly during post exploitation.
  – Plus Meterpreter scripting.
Meterpreter .. Why?
– A handler is fired.
– Remote machine enumeration.
– Vulnerability is triggered.
– Payload delivered, using DLL injection.
– Payload reverts back, pwning a shell.
Command Classification
Meterpreter Session
– Core Commands
– STDapi Commands
– Priv Commands
– Extension - Espia Commands
– Extension - Sniffer Commands
– Extension - Incognito Commands
Post Exploitation
• Enumeration of Machine
• Screenshots, keyloggers, VNC, etc.
• Privilege Escalation
• Back-dooring
• Session Upgradation
• Information Harvesting
• Pivoting
Pivoting : The Network we will Follow
Conclusion
• Ideal stealth vector for process injection.
• Can be a nice tool to integrate with future exploits.
• Meterpreter scripting will definitely be an aid.
• Expectations never end.
Got queries, suggestions, comments : [email protected]